[ VIRTUAL CISO ]
Fractional CISO
Most companies between 50 and 300 people need a CISO function long before they need a full-time CISO. A Fractional CISO gives you senior security leadership on a retainer — same strategic authority, same board presence, a fraction of the cost. We own your security programme so you don’t have to build a team to run it.
Part-time engagement, full-time accountability
A Fractional CISO is not a consultant who reviews documents. They own the security programme: the risk register is theirs, the incident response plan is theirs, the compliance roadmap is theirs. When something goes wrong at 2 a.m., they lead the response. When the auditor shows up, they represent your business. That’s not fractional commitment — it’s fractional time.
Our Fractional CISO retainer pairs naturally with our penetration testing and ISO 27001 & SOC 2 services. Most clients run all three as one programme: the Fractional CISO sets direction, pen testing identifies the gaps, and the compliance engagement closes them against the framework.
Everything a CISO does, structured as a retainer
Security Strategy
Annual security strategy and roadmap aligned to your business objectives, risk appetite, and compliance obligations. Quarterly reviews and monthly adjustments keep it current. Auditor-ready at all times.
Risk Management
Living risk register maintained on your behalf — severity-ranked, mitigation-tracked, treatment-justified. Covered by ISO 27001 clause 6.1 and SOC 2 CC3.2. We own it, you approve it.
Compliance Oversight
Ongoing compliance programme management across ISO 27001, SOC 2, GDPR, and NIS2. We track obligations, own the evidence collection cadence, and coordinate with auditors so your team isn’t pulled into months of administration.
Board & Exec Reporting
Monthly security report for your leadership team and quarterly briefing for the board. Plain-English, no jargon dump. Metrics that matter to the business, not to a SOC analyst. Designed for the audience that needs to act on it.
Fractional CISO — Frequently Asked Questions
What is a Fractional CISO?
A Fractional CISO (also called a virtual CISO or part-time CISO) is a senior security executive who works with your organisation on a retainer basis rather than as a full-time employee. They own the information security strategy, risk register, compliance programme, and incident response function — and they represent security at the board and executive level. The “fractional” refers to the time commitment, not the responsibility: they are fully accountable for the security programme, just not on-site five days a week.
What’s the difference between a Fractional CISO and a full-time CISO?
A full-time CISO is an employee: on-site, embedded in the org chart, managing a security team, and costing €180,000–€350,000 per year in total compensation before benefits, bonuses, and recruitment fees. A Fractional CISO is a retainer engagement: they bring the same strategic experience and accountability, work with your team remotely and in scheduled engagements, and cost 10–20% of the full-time equivalent. For companies that don’t yet have the security team size to justify a full-time hire, Fractional is almost always the right model.
How many hours per month does a Fractional CISO work?
It depends on engagement scope, but our standard retainer runs 20–40 hours per month. That covers: a monthly risk register review, policy maintenance, one executive report, a quarterly board briefing, ongoing vendor security reviews, incident on-call availability, and ad-hoc questions from your team. Higher-intensity periods — compliance audits, incidents, vendor due-diligence cycles — are handled within the retainer or escalated to a supplementary day rate.
How much does a Fractional CISO cost?
Our Fractional CISO retainer starts from €2,500/month for companies up to ~100 people, and €3,000–€4,500/month for 100–300-person organisations with active compliance obligations. For context, a full-time CISO costs €180,000–€350,000 per year in total comp. A Fractional CISO delivers the strategic leadership function at roughly €30,000–€54,000/year — a saving of €150,000 or more, without the recruitment risk or employment overhead.
CISO-level security leadership, retainer-priced
Tell us about your organisation, your compliance goals, and your current security posture — we’ll scope a Fractional CISO engagement and come back with a fixed monthly price.
Get in touch → vCISO Services →